Adaware Web Companion 4.9.2159 - 'WCAssistantService' Unquoted Service Path

Vendor: Web Companion
By: ZwX
CVSS: 7.5 (HIGH)
CWE: 428 (Unquoted Service Path)
Product Name: Web Companion
Affected Version From: 4.9.2159
Affected Version To: 4.9.2159
Patch Exists: NO
Related CWE:
CPE: a:adaware:web_companion:4.9.2159
Metasploit:
Other Scripts:
Platforms Tested: Windows 10
Year: 2020


Adaware Web Companion version 4.9.2159 has an unquoted service path vulnerability. The binary path name of the 'WCAssistantService' service is not properly quoted. This could allow an attacker to execute arbitrary code with elevated privileges if they are able to place a malicious executable in the same directory as the service executable.

Mitigation:

To mitigate this vulnerability, it is recommended to update to the latest version of Adaware Web Companion. Additionally, ensure that all service paths are properly quoted to prevent unquoted service path vulnerabilities.

Exploit-DB raw data:

#Exploit Title: Adaware Web Companion 4.9.2159 - 'WCAssistantService' Unquoted Service Path
#Exploit Author : ZwX
#Exploit Date: 2020-01-05
#Vendor Homepage : http://webcompanion.com/
#Link Software : http://webcompanion.com/LP-WC002/index.php?partner=LU150701WEBDIRECT&campaign=www.doc2pdf.com&search=2&homepage=2&bd=2
#Tested on OS: Windows 10


#Analyze PoC :
==============

C:\Users\ZwX>sc qc WCAssistantService
[SC] QueryServiceConfig réussite(s)

SERVICE_NAME: WCAssistantService
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : WC Assistant
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem
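
The mitigation above asks that service paths be quoted. The following audit script is an added example, not part of the original advisory or the Exploit-DB entry: it parses `sc qc` output like the listing above, flags binary paths that contain spaces but no quotes, and reports the directories whose write permissions should be reviewed (Windows splits an unquoted path at each space when resolving the executable) along with the quoted value. The second service in the sample, `ExampleQuotedSvc`, and all function names are hypothetical.

```python
import ntpath
import re

# Constructed sample: the relevant `sc qc` fields shown on this page, plus
# one correctly quoted service ("ExampleQuotedSvc" is hypothetical).
SAMPLE = r'''
SERVICE_NAME: WCAssistantService
        BINARY_PATH_NAME   : C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: ExampleQuotedSvc
        BINARY_PATH_NAME   : "C:\Program Files\Example\svc.exe" --run
'''

FIELD = re.compile(r'^\s*([A-Z_]+)\s*:\s?(.*)$')

def parse_sc_qc(text):
    """Split concatenated `sc qc` output into one dict per service."""
    services = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if m and m.group(1) == 'SERVICE_NAME':
            services.append({})
        if m and services:
            services[-1][m.group(1)] = m.group(2).strip()
    return services

def audit(service):
    """Return a finding for an unquoted path containing spaces, else None."""
    path = service.get('BINARY_PATH_NAME', '')
    if path.startswith('"'):
        return None
    # Separate the executable from trailing arguments; only the former matters.
    m = re.match(r'(.+?\.exe)(\s.*)?$', path, re.I)
    exe, args = (m.group(1), m.group(2) or '') if m else (path, '')
    if ' ' not in exe:
        return None
    splits = [exe[:i] for i, c in enumerate(exe) if c == ' ']
    return {
        'service': service.get('SERVICE_NAME'),
        'account': service.get('SERVICE_START_NAME'),
        'review_acl_on': sorted({ntpath.dirname(p) for p in splits}),
        'quoted_fix': f'"{exe}"{args}',
    }

def findings(text):
    return [f for f in map(audit, parse_sc_qc(text)) if f]
```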